Is anyone having trouble with spamming (not captcha)


jojomart
10-31-2006, 01:26 PM
Hi,

Since I installed the script (3.06) on my server, I've been having a major problem with my server emails.

People are sending spam out, and using my server email to do it. I spoke to my host, and they tell me it's a problem with the phpld script! Somehow I don't believe this, as I'm sure, everyone running it would have the same problem, but I haven't seen anyone post that sort of problem here.

Please, I need feedback to tell my host.

Thanks,

Joanne

Boby
10-31-2006, 02:35 PM
I often receive spam mails to my email address from the same email address (mine) :) And I have no phpLD on my server.

jojomart
10-31-2006, 03:10 PM
Hi Boby,

The emails I'm getting aren't from my account, they are from various companies - but somehow they are getting into my server to look like they were sent from there. They have nothing in the headers for return email, except for <>

Joanne

Aleister
10-31-2006, 03:17 PM
At first I thought that someone got into your server account and did whatever they pleased.
My thoughts were confirmed when I visited your website...
Have you noticed that you have been hacked by g3n3t1x and SpyTorex :(

David
10-31-2006, 03:19 PM
While I've never known someone to get hacked as a result of phpLD code, I would like to extend our support to you now, so feel free to PM me your server info, and I will do my best to help you out of this predicament.

jojomart
10-31-2006, 04:18 PM
Thank you so much Aleister. This is the second time in the past week that my site has been hacked by these monsters. I'm so upset right now, I don't know what to do.

If they don't fix this soon, I'm going to have to switch hosts, yet again, and find one whose security is better (although they state that theirs is amazing - ha!).

Joanne

James
10-31-2006, 07:04 PM
Well, found a present that was left on your server. Your host needs to tighten down on the server, and since it is a cPanel one, tell them to install mod_sec and to disable the exec and passthru etc. in the php.ini, and if they do not know what that means then it is time to move. I mean, good grief, there was a captain crunch team shell script left in your home directory named anti-security.php. I will try to see how they are getting that uploaded now. In your logs you will see me downloading it, deleting it and reuploading it to test if the commands worked (I should have done that before). Also would like to let you know that I run a hosting company and provide security support for numerous hosting companies, so yes, I do know what I am talking about. Greetings from the west coast btw :)

James
10-31-2006, 07:10 PM
FYI, just found another one... I am deleting them after downloading them. Am not going to spend the time listing them. Found the spammer script also :) or at least the first one.

jojomart
10-31-2006, 07:44 PM
Thank you for doing this for me. I can't believe this!

I am going to tell my host what you said, and see what kind of response I receive.

Thanks again,

Joanne

James
10-31-2006, 07:55 PM
I can put together a list of filenames that I have found, but they need to check the server's /tmp to see if anything is there also.

jojomart
10-31-2006, 08:15 PM
Hi Dawzz,

You're so sweet. Thank you very much for all your help. Yes, please list the files - maybe others will check their hosting accounts too, to make sure they don't have similar files that shouldn't be there.

The hosting company had uploaded all my files for me to their hosting, and it is probably files that were at my last host, and they didn't even check to make sure of what they were uploading.

Is there supposed to be a php.ini file in my main root directory? I noticed it is the one from Bluehost where I had my domains previously.

Sheesh, I get better support from this forum than I do from my host!

Blessings,
Joanne

James
10-31-2006, 10:17 PM
No, the files were uploaded today during the hack, so it wasn't a holdover from the last time. I went ahead and disabled a lot of things in the php.ini :) If something gives you a problem let me know, you should have my email.
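
The two checks discussed in the posts above (which command-execution functions a php.ini disables, and which PHP files changed recently in a directory such as the account home or /tmp), as an added example that is not part of any post in this thread or of phpLD. The function names, the functions checked beyond exec and passthru, and the sample files are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit helpers; all names and sample data here are assumed.

# Print each function named after $1 that the php.ini at $1 does NOT list
# in disable_functions (one per line). Prints nothing if all are disabled.
missing_disabled_functions() {
  ini=$1; shift
  # Ignore ';' comment lines; if the directive is repeated, check the last one.
  disabled=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$ini" \
             | tail -n 1 | tr -d '" \t\r')
  for fn in "$@"; do
    # Comma-delimit both sides so "exec" does not count as "shell_exec".
    case ",$disabled," in
      *",$fn,"*) ;;
      *) printf '%s\n' "$fn" ;;
    esac
  done
}

# List *.php files under directory $1 modified within the last $2 days.
recent_php_files() {
  find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null | sort
}

# --- demo on constructed sample data (not files from the thread) ---
demo=$(mktemp -d)
printf '%s\n' '; constructed sample php.ini' \
  'disable_functions = "exec, passthru"' > "$demo/php.ini"
mkdir -p "$demo/public_html"
echo '<?php // constructed placeholder ?>' > "$demo/public_html/new.php"
echo '<?php // constructed placeholder ?>' > "$demo/public_html/old.php"
touch -t 200601010000 "$demo/public_html/old.php"   # backdated, not recent

echo "Not disabled in php.ini:"
missing_disabled_functions "$demo/php.ini" \
  exec passthru shell_exec system popen proc_open
echo "PHP files changed in the last day:"
recent_php_files "$demo/public_html" 1
rm -rf "$demo"
```

On a live account, point the first function at the php.ini that PHP actually loads (shown by `php --ini` or `phpinfo()`); a php.ini placed in public_html only counts if the host's PHP setup reads it.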

jojomart
10-31-2006, 10:25 PM
This is the email I got from my host:

Staff member, James McEwen responded to your ticket ID 2589:
Hello,

mod_secutiry is enabled on this server. As for the php derectives, You can set this up easily. Simply make a file in your public_html directory called php.ini. The add the setting you want following the following syntax:

php_value = 123
or
php_value = "On"

For all of the php.ini variables and values please see:
http://us2.php.net/manual/en/ini.php

Regards,
Ben

Not much help are they - like as if I'd know what to do with settings!

Thanks for doing all of this for me Dawzz, you're the best!

Joanne

James
10-31-2006, 10:59 PM
HAHAHAHAHAHA

No matter, I disabled things the best I could. We will see. So is James ..... Ben?

jojomart
10-31-2006, 11:25 PM
Hi again,

Yeah I know - I think they have one computer, and they all use the same one and forget to log in as themselves! And the spelling leaves much to be desired I might add.

I'm goin to HELL, aren't I hehehe

Thanks for fixing things - I haven't had any spam complaints so far - keeping my fingers crossed!

Joanne